exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

Files from catatonicprime

Email addresscatatonicprime at gmail.com
First Active2012-10-02
Last Active2023-06-07
PaperCut PaperCutNG Authentication Bypass
Posted Jun 7, 2023
Authored by catatonicprime | Site metasploit.com

This Metasploit module leverages an authentication bypass in PaperCut NG. If necessary it updates Papercut configuration options, specifically the print-and-de vice.script.enabled and print.script.sandboxed options to allow for arbitrary code execution running in the builtin RhinoJS engine. This module logs at most 2 events in the application log of papercut. Each event is tied to modification of server settings.

tags | exploit, arbitrary, code execution
advisories | CVE-2023-27350
SHA-256 | f4313d7696bef22bdc9abcdfd185a2f5ec910ab23fce5708d4d336c70e7796cb
Ektron 8.5 / 8.7 / 9.0 XSLT Transform Remote Code Execution
Posted Mar 4, 2017
Authored by catatonicprime | Site metasploit.com

Ektron versions 8.5, 8.7 equal to and below sp1, and 9.0 before sp1 have vulnerabilities in various operations within the ServerControlWS.asmxweb services. These vulnerabilities allow for remote code execution without authentication and execute in the context of IIS on the remote system.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2015-0923
SHA-256 | 6b1de3cc6f9202a90298b9c0b5161490264ce265eaa1362e8c2215e2610223ee
Hak5 WiFi Pineapple Preconfiguration Command Injection 2
Posted Oct 19, 2016
Authored by catatonicprime | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on WiFi Pineapples versions 2.0 and below and pineapple versions prior to 2.4. We use a combination of default credentials with a weakness in the anti-csrf generation to achieve command injection on fresh pineapple devices prior to configuration. Additionally if default credentials fail, you can enable a brute force solver for the proof-of-ownership challenge. This will reset the password to a known password if successful and may interrupt the user experience. These devices may typically be identified by their SSID beacons of 'Pineapple5_....'; details derived from the TospoVirus, a WiFi Pineapple infecting worm.

tags | exploit, worm
advisories | CVE-2015-4624
SHA-256 | f541430f19dac4f0494fce74a1f639f98b5978e237ef67e38fdf6c2074172475
Hak5 WiFi Pineapple Preconfiguration Command Injection
Posted Oct 19, 2016
Authored by catatonicprime | Site metasploit.com

This Metasploit module exploits a login/csrf check bypass vulnerability on WiFi Pineapples versions 2.0 and below and pineapple versions prior to 2.4. These devices may typically be identified by their SSID beacons of 'Pineapple5_....'; Provided as part of the TospoVirus workshop at DEFCON23.

tags | exploit, bypass
SHA-256 | a7c674d3afc9aac9f7580ff6d5085516706f69a88e446351782762c85af1d133
WiFi Pineapple Predictable CSRF Token
Posted Aug 12, 2015
Authored by catatonicprime

WiFi Pineapples with firmware versions 2.3.0 and below suffer from using a predictable cross site request forgery token.

tags | exploit, csrf
advisories | CVE-2015-4624
SHA-256 | d28d69f0685d472bf2f32a107ab1c86929af0af281983fb44aed43ba9dda6a3d
DartWebserver.dll 1.9.2 Null Pointer Dereference
Posted Apr 9, 2013
Authored by catatonicprime

DartWebserver.dll version 1.9.2 suffers from a null pointer dereference denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2012-5389
SHA-256 | d201bd7a36fcea870aad04534a979594fe58f5895eead86ee5d8a10913d8604a
Cerberus FTP Server Cross Site Scripting
Posted Dec 19, 2012
Authored by catatonicprime

Cerberus FTP server suffers from a cross site scripting vulnerability in the web administration interface.

tags | advisory, web, xss
advisories | CVE-2012-6339
SHA-256 | 6b28cd4efe0efed16181b5e08b92d87bf9d077078b76c02a2852907b2bcbb029
Campaign Enterprise 11 SQL Injection / Unauthorized Access
Posted Oct 20, 2012
Authored by catatonicprime

Campaign Enterprise 11 suffers from multiple remote SQL injection, unauthorized access, clear text password storage, and direct access bypass vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2012-3820, CVE-2012-3821, CVE-2012-3822, CVE-2012-3823, CVE-2012-3824
SHA-256 | e8d346567183491410f6e81ec371092bb1bf59947827d38b5506818c1ca474aa
Dart Communications Stack Overflow
Posted Oct 2, 2012
Authored by catatonicprime

DartWebserver.Dll, an HTTP server by Dart Communications, suffers from a stack overflow vulnerability. Versions 1.9 and below are affected. Proof of concept code included.

tags | exploit, web, overflow, proof of concept
advisories | CVE-2012-3819
SHA-256 | 305223063ea1f05d0ded3e552a5555e23607589feed9ca8044b36a03554ae90f
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close